Question 1

Because of the minor role it plays, DNS is never the focus of attacks.

Accepted Answer

This statement is false. DNS is actually a frequent target for cyber attacks because compromising DNS can lead to a variety of malicious activities, including redirecting users to malicious websites, intercepting email communication, and performing phishing attacks.

Question 2

Which SQL injection statement example below could be used to discover the name of the table?&#10;A)whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --&#10;B)whatever' AND 1=(SELECT COUNT(*) FROM tabname); --&#10;C)whatever; AND 1=(SELECT COUNT(*) FROM tabname); --&#10;D)whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --

Accepted Answer

Option B is correct because it properly utilizes a single quote to break out of a string context in an SQL query, which is a common technique in SQL injection attacks. The syntax follows a pattern that could be used to manipulate the query to return information about the number of rows in a table named "tabname", assuming "whatever" is part of a valid query. This technique can be a step towards discovering the name of the table if the attacker iteratively guesses the table name. The "--" at the end is used to comment out the rest of the SQL statement, ensuring that only the attacker's injected SQL is executed.

Question 3

What language below is used to view and manipulate data that is stored in a relational database?&#10;A)C&#10;B)DQL&#10;C)SQL&#10;D)ISL

Accepted Answer

SQL (Structured Query Language) is specifically designed to view and manipulate data stored in relational databases. C is the correct choice. A is incorrect because C is the language used for database management. B and D are not commonly used in database management.

Question 4

XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.&#8203;

Accepted Answer

XSS attacks, also known as Cross-Site Scripting attacks, involve injecting malicious code into a web application by exploiting vulnerabilities in user input. This allows an attacker to execute scripts or steal sensitive data from the user. It can occur when user input is not properly validated before being presented back to the user, making it vulnerable to XSS attacks.

Question 5

Which type of attack below is similar to a passive man-in-the-middle attack?&#10;A)replay&#10;B)hijacking&#10;C)denial&#10;D)buffer overflow

Accepted Answer

A replay attack involves capturing network traffic and then replaying it at a later time to gain unauthorized access or perform malicious actions. This is similar to a passive man-in-the-middle attack, as both involve intercepting communication without altering it in real-time. Hijacking and buffer overflow are more active types of attacks, and denial of service attacks involve actively disrupting or denying access to a system.

Question 6

Choose the SQL injection statement example below that could be used to find specific users:&#10;A)whatever' OR full_name = '%Mia%'&#10;B)whatever' OR full_name IS '%Mia%'&#10;C)whatever' OR full_name LIKE '%Mia%'&#10;D)whatever' OR full_name equals '%Mia%'

Accepted Answer

C is the only statement that uses the correct syntax to search for a specific user using a wildcard character (%). The LIKE keyword is used to search for certain patterns in the database. The % symbol is a wildcard character that can match any number of characters.

Question 7

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?&#10;A)/var/www&#10;B)C:\Inetpub\ wwwroot&#10;C)/var/html&#10;D)C:\wwwroot

Accepted Answer

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at "C:\Inetpub\wwwroot".

Question 8

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?&#8203;&#10;A)&#8203;Privilege escalation&#10;B)&#8203;DNS cache poisoning&#10;C)&#8203;ARP poisoning&#10;D)&#8203;Man-in-the-middle

Accepted Answer

The scenario described is an example of privilege escalation, where a user without administrative privileges is able to perform tasks that are limited to only administrative accounts. This exploit is commonly used by attackers to gain higher levels of access to a system and can be achieved through various means such as exploiting vulnerabilities, using social engineering tactics, or misconfigurations.

Question 9

Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.

Accepted Answer

Traditional network security devices such as firewalls and intrusion detection/prevention systems can effectively block traditional network attacks, but they may not be able to detect and block attacks targeting Web applications. This is because Web application attacks often use legitimate traffic and exploit vulnerabilities in the application itself, requiring specialized security measures such as Web application firewalls.

Question 10

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

Accepted Answer

The answer of ARP poisoning is successful because there are...

Question 11

Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.

Accepted Answer

The answer of Because the XSS is a widely known...

Question 12

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?&#10;A)&#8203;blocks&#10;B)&#8203;marks&#10;C)&#8203;taps&#10;D)&#8203;tags

Accepted Answer

The answer of HTML uses which option below within embedded...

Question 13

To what specific directory are users generally restricted to on a web server?&#10;A)top&#10;B)base&#10;C)root&#10;D)tap

Accepted Answer

The answer of To what specific directory are users generally...

Question 14

What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?&#10;A)HTTP header&#10;B)HTML header&#10;C)XML header&#10;D)SSL header

Accepted Answer

The answer of What portion of the HTTP packet consists...

Question 15

Attacks that take place against web based services are considered to be what type of attack?&#10;A)client-side&#10;B)hybrid&#10;C)server-side&#10;D)relationship

Accepted Answer

The answer of Attacks that take place against web based...

Question 16

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?&#10;A)buffer overflow&#10;B)drive-by-download&#10;C)denial of service&#10;D)stack underflow

Accepted Answer

The answer of A user has become compromised as a...

Question 17

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?&#10;A)whatever AND email IS NULL; --&#10;B)whatever; AND email IS NULL; --&#10;C)whatever&#34; AND email IS NULL; --&#10;D)whatever' AND email IS NULL; --

Accepted Answer

The answer of Which SQL statement represents a SQL injection...

Question 18

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?&#10;A)DNS poisoning&#10;B)Phishing&#10;C)DNS marking&#10;D)DNS overloading

Accepted Answer

The answer of How can an attacker substitute a DNS...

Question 19

The exchange of information among DNS servers regarding configured zones is known as:&#10;A)resource request&#10;B)zone disarticulation&#10;C)zone transfer&#10;D)zone removal

Accepted Answer

The answer of The exchange of information among DNS servers...

Question 20

Which SQL injection statement can be used to erase an entire database table?&#10;A)whatever'; DROP TABLE members; --&#10;B)whatever'; DELETE TABLE members; --&#10;C)whatever'; UPDATE TABLE members; --&#10;D)whatever'; RENAME TABLE members; --

Accepted Answer

The answer of Which SQL injection statement can be used...

Question 21

What language below is for the transport and storage of data, with the focus on what the data is?&#10;A)&#8203;XML&#10;B)&#8203;HTML&#10;C)&#8203;SGML&#10;D)&#8203;SML

Accepted Answer

The answer of What language below is for the transport...

Question 22

What language below is designed to display data, with a primary focus on how the data looks?&#10;A)XML&#10;B)HTML&#10;C)SGML&#10;D)ISL

Accepted Answer

The answer of What language below is designed to display...

Question 23

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 24

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 25

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:&#10;A)HTTP&#10;B)NSDB&#10;C)URNS&#10;D)DNS

Accepted Answer

The answer of When TCP/IP was developed, the host table...

Question 26

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 27

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 28

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that injects scripts into a web application server to direct attacks at clients.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 29

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
Another name for locally shared object (LSO)

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 30

A web browser makes a request for a web page using the ________________.

Accepted Answer

The answer of A web browser makes a request for...

Question 31

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
Another name for locally shared object (LSO)

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 32

Ethernet LAN networks utilize the physical _________________ address to send packets.&#8203;

Accepted Answer

The answer of Ethernet LAN networks utilize the physical _________________...

Question 33

Select below the string of characters that can be used to traverse up one directory level from the root directory:&#10;A);/&#10;B)./&#10;C)%20/&#10;D)../

Accepted Answer

The answer of Select below the string of characters that...

Question 34

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
Part of the TCP/IP protocol for determining the MAC address based on the IP address.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 35

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 36

The predecessor to today's Internet was a network known as ____________________.

Accepted Answer

The answer of The predecessor to today's Internet was a...

Question 37

Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Accepted Answer

The answer of Match the following terms to the appropriate...

Question 38

A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.

Accepted Answer

The answer of A(n) ____________________ cookie is stored in Random...

Question 39

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:&#10;A)Session replay&#10;B)Session spoofing&#10;C)Session hijacking&#10;D)Session blocking

Accepted Answer

The answer of An attack in which the attacker attempts...

Question 40

A TCP/IP communication begins with a control message, known as a ________________, to initialize the connection.
Match the following terms to the appropriate definitions.
a.Address Resolution Protocol (ARP)
b.ARP Poisoning
c.Buffer overflow attack
d.Command injection
e.Cross-site scripting (XSS)

Accepted Answer

The answer of A TCP/IP communication begins with a control...

Question 41

What is the goal of a directory traversal attack?&#8203;

Accepted Answer

The answer of What is the goal of a directory...

Question 42

What is a cookie, and how is it used?&#8203;

Accepted Answer

The answer of What is a cookie, and how is...

Question 43

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.&#8203;

Accepted Answer

The answer of In a drive-by download attack, provide an...

Question 44

How does a cross-site scripting (XSS) attack work?

Accepted Answer

The answer of How does a cross-site scripting (XSS) attack...

Question 45

List three of the most common Web application attacks.

Accepted Answer

The answer of List three of the most common Web...

Question 46

What are zero-day attacks?&#8203;

Accepted Answer

The answer of What are zero-day attacks?&#8203;...

Question 47

Explain the HTTP header referrer attack.

Accepted Answer

The answer of Explain the HTTP header referrer attack....

Question 48

Describe the two types of privilege escalation.

Accepted Answer

The answer of Describe the two types of privilege escalation....

Question 49

How does ARP poisoning take advantage of the use of ARP?&#8203;

Accepted Answer

The answer of How does ARP poisoning take advantage of...

Question 50

How does a SYN flood attack work?&#8203;

Accepted Answer

The answer of How does a SYN flood attack work?&#8203;...

Deck 3: Application and Networking-Based Attacks